1. Field of the Invention
The present invention relates to network communication apparatuses, and more particularly, to routing devices and related control circuits with enhanced defense capability against network address resolution protocol (ARP) attacks.
2. Description of Related Art
Address Resolution Protocol (ARP) information plays an important role in Ethernet communications, but attackers or malicious programs could easily poison the ARP information of the terminal devices or the routing device in the local area network by using so-called ARP spoofing means.
Since the routing device is the key equipment for data communications between the local area network and other network sections, the terminal devices in the local area network would become unable to communicate with other network sections (such as Internet) once the ARP information stored in the routing device is poisoned by the ARP attacks.
To avoid the ARP information stored in the routing device from being poisoned by the ARP attacks, one conventional solution requires the network administrator to personally configure and input each network address resolution entry for the routing device. However, this approach is not practical in many network environments. For example, in network environments where the network protocol addresses are dynamically assigned, in wireless network environments where the terminal devices often change their locations, or in network environments with numerous terminal devices or complex topology, it is obviously unrealistic to require the network administrator to manually input numerous ARP entries to the routing device, especially those ARP entries may need to be updated frequently.